[ctf wiki pwn] stackoverflow: ret2dlresolve Series 1 (_dl_runtime_resolve glibc source code analysis and practice)

1 _dl_runtime_resolve entry: _dl_runtime_resolve is implemented in assembly in glibc. The 32-bit entry point is in sysdeps/i386/dl-trampoline.S and the 64-bit entry point is in sysdeps/x86_64/dl-trampoline.S. This paper mainly analyzes the 32-bit source code, version 2.23. From glibc online source website https://elixir.bootlin.com/glibc/ ...

Posted by tnkannan on Sun, 16 Jan 2022 00:33:45 +0100

[pwn learning] Canary's various bypassing postures

Method 1: get Canary by overwriting truncated characters. Principle: Canary's low byte is designed to be \x00, which is intended to prevent Canary from being read directly by read, write and other functions. The value of Canary can be read out by overwriting the low \x00 through stack overflow. From the above analysis, we can sort out th ...

Posted by jimmyp3016 on Fri, 24 Dec 2021 19:27:31 +0100

TryHackMe learning notes - The Cod Caper

Summary: Continue the learning record of TryHackMe. This time, the target is The Cod Caper, and the content is from Web vulnerability exploitation to buffer overflow. After starting the target, the IP address of the target is 10.10.162.177. Port scan: nmap port scan found 2 ports open nmap -Pn --o ...

Posted by Daisy Cutter on Sat, 18 Dec 2021 20:12:04 +0100

Introduction to kernel pwn ciscn2017_babydrive UAF

The first time to start the kernel problem depends on the reproduction of fmyy master's blog. After the reproduction, I have a general understanding of the use of UAF in the kernel. Problem solving steps: 1. Write a blog with a short talk. The topic gives us a compressed package and decompresses it. It is found that there is no vmlinux. Therefo ...

Posted by vimukthi on Sat, 18 Dec 2021 17:00:39 +0100

WMCTF 2021 pwn dy_maze writeup

After three days of hard work (fishing and paddling √), WMCTF 2021 is finally over, and our Mengxin experience team has also achieved the top 30 results with the joint efforts of everyone, which is really beyond my expectation. However, for our first game, the results are the most important aspect. The seriousness and concentration ...

Posted by timtom3 on Sat, 18 Dec 2021 13:03:19 +0100